How to copy Menu Rights from one user to another user

I have been asked to copy Menu Rights from one user to another user many times over the years and have always done it manually, always a time-consuming pain point. I am assuming that many of you have done this too, so I am sharing an easy way to do it with a BAQ and DMT.

This is how it works:

  1. Execute the attached BAQ which will prompt you for the username to copy from and the username to copy to.
  2. Copy the BAQ results to an Excel file.
  3. Import this Excel file with DMT (Menu Security import) and the new menu rights are applied.

Note that it does not validate if the user you copy from or user you copy to actually exist, so pay close attention to spelling and typos.

CopyMenuSecurity.baq (39.0 KB)


Great idea. I downloaded your BAQ, but it doesn’t quite offer what your post says. There aren’t any parameters configured to prompt for usernames, and it doesn’t look like the column names line up with what DMT would expect? Did you upload the version you thought you were uploading?

Also, I would really recommend changing your approach to security. Don’t apply individual users to Menu Security entries - instead, create and add Security Groups. That way, when somebody leaves/changes roles/joins your company you just need to use User Account Maintenance to add them into the relevant groups for their role, instead of having to DMT against the Menu Security table.

I create security groups with prefix of “_” in the code, and description - this makes them float to the top of lists of Users/Group, such as in Menu Security. I also create “function” groups, prefixed with “__”, that I use in my Custom Code to check whether I want to allow a user to perform a certain function.

Hi Mark,
I’ve attached the current version here. This one definitely has the parameter prompts. The correct column names are there but make sure you are using the DMT import for “Menu Security” and not something else like “Security Group” or “User”.

MenuSecurityCopy.baq (14.0 KB)

While I agree with you in principle about the groups, the reality is we are a very small company and many people wear multiple hats. Some people, like interns who we only hire once every two years, are very niche and we add rights slowly as they learn more. A group for that individual would be pointless, since it is only one person every two years and it’s custom. Also we have 1 buyer and 1 buyer assistant. It would be silly to create a group for each individual because there is no real “group” of people and in the end we would have just as many groups as there are individuals, which defeats the purpose of groups. Now if we were a much larger company with clear department distinctions, then yes. But we are small and each user has unique rights that change over time.

The purpose of this COPY RIGHTS baq is just to get a new user started. As soon as a user is copied, we start customizing their rights again. So it does serve a different role than groups are designed for.

Aaron - Thank you for sharing your BAQ and process! We use Security Groups versus Users, but I was able to take your BAQ and modify the parameter to use Security Groups.
Question for you or anyone else… have you noticed DMT taking a long time to complete updates on Menu Security?
I just ran an update in our Pilot environment with 224 Security IDs and it took 1hr and 36 mins, which seemed long to me. Still way better than making these updates manually.

I do remember that DMT seemed to run oddly slow with user rights. We have less than 40 users so it wasn’t 90 min like that, but it was incredibly slow compared to other imports.

We have been using your BAQ for a while now with an update to the parameter to use Security Groups versus Users. It has been working great UNTIL recently. We are seeing something strange which we believe is in the NewEntryList calculated field during the replacement of the commas with tildes or possibly when adding the new security group.

We have two security group codes StkClrk1 and StkClrk2 which do not seem to be converting correctly. They are missing from the AllowAccess column and the numbers 1 & 2 seem to be appended to other security codes. Below is an example of what we are seeing. I added the Allow List column to see what the data looked like before going through the calculated NewEntryList field.

The StkClrk in the Allow List column is a new code we just added and it is not showing in the AllowAccess, I assume because when I ran the BAQ I used CopyFrom StkClrk1 to StkClrk.

Hoping you can shed some light on what might be causing our issue.
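
The following is an added example, not part of the thread and not the BAQ's own expression (which is not shown here): it illustrates how substring matching on a delimited allow list misbehaves when one code is a prefix of another, next to a whole-token version, plus a diff to review grants before the DMT import. It assumes a comma-delimited source list and a tilde-delimited output column; the sample rows and the `Intern` code are constructed.

```python
# Added example. Assumed formats: comma-delimited input, tilde-delimited output.

def parse_allow_list(raw, sep=","):
    """Split into exact codes, dropping blanks and surrounding whitespace."""
    return [code.strip() for code in raw.split(sep) if code.strip()]

def copy_entry_substring(raw, copy_from, copy_to):
    """Fragile: treats the list as one string, so prefixes collide."""
    if copy_from in raw and copy_to not in raw:
        raw = raw + "," + copy_to
    return raw.replace(",", "~")

def copy_entry_tokens(raw, copy_from, copy_to):
    """Robust: compare whole codes, then join with the output delimiter."""
    codes = parse_allow_list(raw)
    if copy_from in codes and copy_to not in codes:
        codes.append(copy_to)
    return "~".join(codes)

def added_codes(before, after):
    """Codes present after the copy that were not in the source list."""
    return sorted(set(parse_allow_list(after, "~")) - set(parse_allow_list(before)))

def review(rows, copy_from, copy_to):
    """Map each menu id to the codes the copy would newly grant on it."""
    report = {}
    for menu, raw in rows.items():
        added = added_codes(raw, copy_entry_tokens(raw, copy_from, copy_to))
        if added:
            report[menu] = added
    return report

# Constructed sample rows (menu id -> comma-delimited allow list).
SAMPLE = {
    "MENU-A": "Buyer, StkClrk1,StkClrk2",
    "MENU-B": "Buyer,StkClrk2",
    "MENU-C": "StkClrk10,Buyer",
}

if __name__ == "__main__":
    # Missed grant: "StkClrk" looks present because "StkClrk1" contains it.
    print(copy_entry_substring(SAMPLE["MENU-A"], "StkClrk1", "StkClrk"))
    print(copy_entry_tokens(SAMPLE["MENU-A"], "StkClrk1", "StkClrk"))
    # Unintended grant: "StkClrk1" looks present because of "StkClrk10".
    print(copy_entry_substring(SAMPLE["MENU-C"], "StkClrk1", "Intern"))
    print(copy_entry_tokens(SAMPLE["MENU-C"], "StkClrk1", "Intern"))
    print(review(SAMPLE, "StkClrk1", "StkClrk"))
```

Checking the `review` output against the menus you expected to change catches both missed and unintended grants before anything reaches Menu Security.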